I'm using nginx together with php5-fpm and with the following fastcgi_params file:
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param HTTPS $https;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
I've noticed that the $_SERVER['HTTP_REFERER'] variable is not set. I searched the nginx wiki for any reference to the Referer header but I couldn't find anything mentioning problems related to fastcgi.
How can I make nginx pass that header? Am I missing something obvious here?
The
HTTP_REFERERenvironment variable will be set by nginx for the CGI script if and only if the remote user agent (eg. web browser) provided the optionalReferer:header. The contents of this header are also entirely arbitrary on the part of the remote user agent (though they should be the last page visited, this isn't always what it is, and nothing constrains it to be so).Anytime your CGI script uses this variable, it should have an alternate control path to handle cases where it is not set, and it should recognize that it will often be wrong or spoofed.